Censys recently launched our 2023 State of Security Leadership Report to do a deep dive into the biggest challenges facing CISOs today. With massive headwinds facing security teams, from the increase in threats to the uncertain economic climate and massive talent gaps, security leaders have a lot on their minds.
To find out more, we surveyed over 200 CISOs and other cybersecurity leaders across a wide range of industry sectors, company sizes, and regions across the United States, Europe, and Australia.
Be sure to download the full report, but here are some highlights.
1. The Security Landscape Has Gotten Worse and So Has Visibility into the Attack Surface
Cyber attacks are increasing in frequency and severity. Seventy percent of respondents claimed that the threat landscape has deteriorated since last year, requiring their organizations to up-level their security strategies.
Most participants said they believe the rise in highly scaled attacks is due to daily conversations among trusted peers (52%), the sophistication of the attacks (50%), the increase in vulnerabilities due to remote work and cloud migration (45%), and software providers who aren’t maintaining the most recent practices (38%).
Additionally, respondents stated that understanding the entire attack surface is the number one priority for the next 12 months, likely due to the proliferation of distributed devices and shadow IT.
External Attack Surface Management (EASM) platforms, like Censys, are becoming increasingly important to secure global organizations and prevent attacks.
2. CISOs Must Align Security Initiatives Across All Functions
In a highly intelligent and worsening threat landscape, respondents indicate that aligning leadership and cross-functional teams is a critical next step. Over 40% of respondents said aligning business needs and concerns with leadership and cross-functional teams is essential. This past year, 90% of respondents revealed their organization was a victim of a cyberattack that caused material impact, and 53% had two to five data breaches. With attacks on the rise, it is necessary for all teams to understand security initiatives in order to keep organizations secure. Further, it is important that these leaders address these concerns with the C-suite so that a business-wide security strategy can be implemented.
Key alignment initiatives that can be led by security leadership include:
- Producing clear executive reports
- Providing straightforward ROI metrics about their security investments
- Giving cross-functional teams instructions and an outline of security measures
- Running well-executed employee training programs
- Including key company objectives in the security roadmap
3. Understanding Your Cyber Insurance Policy is Essential
Over 90% of respondents stated that their organization has a cyber policy. Yet, a quarter of those respondents didn’t have a clear understanding of what their cyber policy entails. This quickly leads to a domino effect as employees fail to adhere to all the details of the cyber insurance policy. The confusion is likely caused by the quick rise in massively scaled attacks and the adoption of increasingly sophisticated cyber insurance coverage.
Any changes made to the insurance policy should be made known to all employees. Because attackers’ techniques and tactics are always changing, policies need to be adjusted frequently. Understanding any policy update can help expand knowledge and improve the success of business strategies. Asset inventory is a major necessity for retaining cyber insurance. If an organization is unaware of all its assets, it cannot have visibility or a secured attack surface. Organizations use EASM platforms because they are essential for understanding both internal and external assets, reducing time in asset discovery, and providing quick remedies for any vulnerabilities or breaches.
4. Take Note Of Your Team’s Mental Health and Burnout
Paying close attention to your team’s and your own mental health is critical. The constant defeat and/or imposing challenges attackers present to organizations could damage one’s mental state. Burnout could also result from having insufficient resources and skills. Many of our respondents cited significant issues hiring and training current resources as a challenge.
This is not an easy issue to solve, and there is not just one solution. The first recommendation to security leaders is to regularly engage in burnout-focused conversations with your team. Supporting and encouraging conversations around mental health challenges and burnout will help reveal problems. Once emotions are expressed, team members can understand one another, which makes communication with leadership and within the team more comfortable and open. The second recommendation is to invest in automation and other security tools to ease the load on employees while increasing efficiency and productivity. By leveraging these technologies, security leaders can maintain organizational health and security with less stress and pressure on employees.
5. Organizations Must Maintain and Prioritize Cyber Security Policies
Eighty percent of our respondents claim that their security policies are stringent enough to address risks from technologies at a worker’s disposal.
However, that still leaves 20% vulnerable. Further, according to 58% of survey respondents, their employees are trained on cyber risks, but 20% said they don’t think the training is sufficient. Misconfigurations and simple human error are some of the main causes of data exposures. A quick remedy is to organize an employee training program, which will ensure that all employees have the same knowledge and resources. Additionally, organizations should be sure to align and prioritize C-suite training. Different tools can help organizations with this issue, as they can be used to get staff aligned with all security policies.